stphnwlkr

It just so happens that everybody who has been able to use it has super admin rights. I made an assumption that it was because we were admins.

So, it turns out in multisite that current_user_can will not work on this capability because it is disabled even for admins. Only super admins have access. The team thinks there might be a flaw in Core that needs to be resolved and are researching. The code we used was:

function multisite_allow_unfiltered_html_per_role( $caps, $cap, $user_id, $args ) { if ( ‘unfiltered_html’ === $cap ) { $user = get_userdata( $user_id ); $roles = $user->roles; foreach ( $roles as $role ) { $role = get_role( $role ); if ( $role->has_cap( ‘unfiltered_html’ ) ) { return $caps = array( ‘unfiltered_html’ ); } } } return $caps; } add_filter( ‘map_meta_cap’, ‘multisite_allow_unfiltered_html_per_role’, 1, 4 );

This makes it an available capability and we use Capabilities Pro to enable it.

Still not working in my hosting environment (WordPress VIP). I am also checking with them to see if there is a conflict.

I tried the code, and I tried adding the unfiltered_html capability to Capabilities Pro, and neither seems to work. Capabilities Pro states it is an unrecognized capability.

I sent this to the Kadence team last week. To date, there is not a fix that addresses all the issues.While the finding states <= to 3.2.34 it also states that there is no known fix. Version 3.2.35 and beyond have yet to address the issues. I know 3.2.36 added some sanitization updates, but until the “No known fix” statement is updated, the WP scanners will continue to identify this as a vulnerability.

Just a follow-up. I attempted to update (1.03), but it still had the problem. The build folder was missing. I downloaded and manually updated, and all the files were there. I spun up a new instance of WP and installed fresh, and all the files were there. Both instances of WP were on the same platform with the same configuration. I have tried a fresh install on another hosting platform, and 1.04 seems to resolve the issue.

• This reply was modified 9 months, 3 weeks ago by stphnwlkr.

Thank you.

I can verify that the latest update seems to have resolved the issues. Thank you.

Further context. In addition to breaking the post creation and editing functionality, I cannot adjust the settings (error). I thought I could maintain the functionality if I could turn off the post-based features. Not so. I have to disable the plugin, add or edit a post, then reactivate the plugin…not a great experience.

Getting the same error when I try to create a new post. No certificate issue.

An error of type E_ERROR was caused in line 193 of the file E:\Inetpub\Siteroot\internal-website\wp-content\plugins\seriously-simple-podcasting\php\classes\handlers\class-admin-notifications-handler.php. Error message: Uncaught Error: Cannot use object of type WP_Error as array in E:\Inetpub\Siteroot\internal-website\wp-content\plugins\seriously-simple-podcasting\php\classes\handlers\class-admin-notifications-handler.php:193
Stack trace:
#0 E:\Inetpub\Siteroot\internal-website\wp-content\plugins\seriously-simple-podcasting\php\classes\handlers\class-admin-notifications-handler.php(159): SeriouslySimplePodcasting\Handlers\Admin_Notifications_Handler->get_response()
#1 E:\Inetpub\Siteroot\internal-website\wp-content\plugins\seriously-simple-podcasting\php\classes\handlers\class-admin-notifications-handler.php(101): SeriouslySimplePodcasting\Handlers\Admin_Notifications_Handler->is_nginx()
#2 E:\Inetpub\Siteroot\internal-website\wp-includes\class-wp-hook.php(308): SeriouslySimplePodcasting\Handlers\Admin_Notifications_Handler->maybe_show_nginx_error_notice()
#3 E:\Inetpub\Siteroot\internal-website\wp-includes\class-wp-hook.php(332): WP_Hook->apply_filters()
#4 E:\Inetpub\Siteroot\internal-website\wp-includes\plugin.php(517): WP_Hook->do_action()
#5 E:\Inetpub\Siteroot\internal-website\wp-admin\includes\class-wp-screen.php(424): do_action()
#6 E:\Inetpub\Siteroot\internal-website\wp-admin\includes\screen.php(243): WP_Screen->set_current_screen()
#7 E:\Inetpub\Siteroot\internal-website\wp-admin\admin.php(212): set_current_screen()
#8 E:\Inetpub\Siteroot\internal-website\wp-admin\post-new.php(10): require_once('...')
#9 {main}
 thrown